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CLAIMS 

1-27. (Canceled) 

28. (Previously Presented) A machine-implemented method, comprising: 

establishing, within a global operating system environment provided by an operating 
system (OS) kernel, a first non-global zone which serves as a first virtual platform for 
supporting and isolating user processes, wherein the first non-global zone is a separate and 
distinct OS partition of the global operating system environment having a first zone identifier 
associated therewith, and wherein the first non-global zone is established and exists without 
requiring any user processes to be running therein; 

establishing, within the global operating system environment, a second non-global 
zone which serves as a second virtual platform for supporting and isolating user processes, 
wherein the second non-global zone is a separate and distinct OS partition of the global 
operating system environment having a second zone identifier associated therewith, and 
wherein the second non-global zone is established and exists without requiring any user 
processes to be running therein; 

executing a first set of one or more user processes within the first non-global zone; 

executing a second set of one or more user processes within the second non-global 
zone; and 

isolating the first set of one or more user processes within the first non-global zone 
and the second set of one or more user processes within the second non-global zone such that 
the first set of one or more user processes cannot access processes in the second non-global 
zone and the second set of one or more user processes cannot access processes in the first 
non-global zone; 



SUN 030243-US-NP 



3 



Docket No. 15437-0592 



wherein the first and second non-global zones are established by the OS kernel, and 
wherein the OS kernel enforces zone boundaries to isolate the first set of one or more user 
processes within the first non-global zone and the second set of one or more user processes 
within the second non-global zone. 

29. (Previously Presented) The method of claim 28, wherein the OS kernel provides 
services that are invoked by the first set of user processes, and wherein the services are 
invoked by the first set of user processes through the first virtual platform. 

30-31. Canceled 

32. (Previously Presented) The method of claim 28, 

wherein a first set of resources are associated with the first non-global zone and a 
second set of resources are associated with the second non-global zone; 

wherein the first set of resources are accessed by the first set of one or more user 
processes through the first virtual platform and the second set of resources are accessed by 
the second set of one or more user processes through the second virtual platform; and 

wherein the first set of resources and the second set of resources each include one or 
more resources from the group consisting of a network interface, a communications interface, 
a file system, a system console, a DASD address, and an operating system service process. 
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33. (Previously Presented) The method of claim 32, wherein isolating the first set of user 
processes within the first non-global zone and the second set of user processes within the 
second non-global zone further comprises: 

preventing the first set of user processes from accessing the second set of resources 
associated with the second non-global zone; and 

preventing the second set of user processes from accessing the first set of resources 
associated with the first non-global zone. 

34. (Previously Presented) The method of claim 32, wherein executing the first set of 
user processes within the first non-global zone causes a first application environment to be 
established within the first non-global zone, and wherein the method further comprises: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-global zone: 

terminating all user processes executing within the first non-global zone, 

thereby terminating the first application environment; and 
disassociating the first set of resources from the first non-global zone; 
wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 

35. (Previously Presented) The method of claim 32, wherein executing the first set of 
user processes within the first non-global zone causes a first application environment to be 
established within the first non-global zone, and wherein the method further comprises: 

receiving a command to halt the first non-global zone; 
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in response to the command to halt the first non-global zone: 

terminating all user processes executing within the first non-global zone, 

thereby terminating the first application environment; and 
performing one or more tasks from the group consisting of stopping a 

scheduler process, unmounting one or more file systems, closing one 
or more network interfaces, and removing configurations for devices 
associated with the first non-global zone; 
wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 

36. (Previously Presented) The method of claim 28, further comprising: 

allowing a first administrator to manage processes and resources within the first non- 
global zone, wherein the first administrator is not allowed to manage processes and resources 
within the second non-global zone; and 

allowing a second administrator to manage processes and resources within the second 
non-global zone, wherein the second administrator is not allowed to manage processes and 
resources within the first non-global zone. 

37. (Currently Amended) The method of claim 28, wherein establishing the first non- 
global zone comprises: 

accessing configuration information associated with the first non global zone; 
installing files and directories necessary for the first non global zone to function; and 
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readying the first non global zone by performing one or more tasks from the group 
consisting of assigning the first zone identifier, starting a scheduler process, establishing 
plumbing one or more network interfaces, and mounting one or more file systems^ 
initializing a system console, and configuring one or more devices ; 

wherein readying establishing the first non-global zone does not include executing 
user processes within the first non-global zone. 

38. (Previously Presented) The method of claim 37, wherein the configuration 
information comprises one or more parameters from the group consisting of a zone name, a 
path to a root directory for the first non-global zone, specification of one or more file systems 
to be mounted when the first non-global zone is created, specification of one or more 
network interfaces, specification of one or more devices to be configured when the first non- 
global zone is created, and specification of resource controls to be imposed on the first non- 
global zone. 

39. (Previously Presented) The method of claim 28, wherein executing the first set of 
one or more user processes within the first non-global zone comprises: 

executing an initialization process; and 

initializing, by the initialization process, execution of the first set of one or more user 
processes. 
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40. (Previously Presented) A machine-readable storage medium storing one or more sets 
of instructions which, when executed by one or more processors, cause the one or more 
processors to perform the steps of: 

establishing, within a global operating system environment provided by an operating 
system (OS) kernel, a first non-global zone which serves as a first virtual platform for 
supporting and isolating user processes, wherein the first non-global zone is a separate and 
distinct OS partition of the global operating system environment having a first zone identifier 
associated therewith, and wherein the first non-global zone is established and exists without 
requiring any user processes to be running therein; 

establishing, within the global operating system environment, a second non-global 
zone which serves as a second virtual platform for supporting and isolating user processes, 
wherein the second non-global zone is a separate and distinct OS partition of the global 
operating system environment having a second zone identifier associated therewith, and 
wherein the second non-global zone is established and exists without requiring any user 
processes to be running therein; 

executing a first set of one or more user processes within the first non-global zone; 

executing a second set of one or more user processes within the second non-global 
zone; and 

isolating the first set of one or more user processes within the first non-global zone 
and the second set of one or more user processes within the second non-global zone such that 
the first set of one or more user processes cannot access processes in the second non-global 
zone and the second set of one or more user processes cannot access processes in the first 
non-global zone; 
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wherein the first and second non-global zones are established by the OS kernel, and 
wherein the OS kernel enforces zone boundaries to isolate the first set of one or more user 
processes within the first non-global zone and the second set of one or more user processes 
within the second non-global zone. 

41. (Previously Presented) The machine-readable storage medium of claim 40, wherein 
the OS kernel provides services that are invoked by the first set of user processes, and 
wherein the services are invoked by the first set of user processes through the first virtual 
platform. 

42-43. Canceled 

44. (Previously Presented) The machine-readable storage medium of claim 40, 

wherein a first set of resources are associated with the first non-global zone and a 
second set of resources are associated with the second non-global zone; 

wherein the first set of resources are accessed by the first set of one or more user 
processes through the first virtual platform and the second set of resources are accessed by 
the second set of one or more user processes through the second virtual platform; and 

wherein the first set of resources and the second set of resources each include one or 
more resources from the group consisting of a network interface, a communications interface, 
a file system, a system console, a DASD address, and an operating system service process. 
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45. (Previously Presented) The machine-readable storage medium of claim 44, wherein 
isolating the first set of user processes within the first non-global zone and the second set of 
user processes within the second non-global zone further comprises: 

preventing the first set of user processes from accessing the second set of resources 
associated with the second non-global zone; and 

preventing the second set of user processes from accessing the first set of resources 
associated with the first non-global zone. 

46. (Previously Presented) The machine-readable storage medium of claim 44, wherein 
executing the first set of user processes within the first non-global zone causes a first 
application environment to be established within the first non-global zone, and wherein the 
machine-readable storage medium further stores one or more sets of instructions for causing 
the one or more processors to perform the steps of: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-global zone: 

terminating all user processes executing within the first non-global zone, 

thereby terminating the first application environment; and 
disassociating the first set of resources from the first non-global zone; 
wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 

47. (Previously Presented) The machine-readable storage medium of claim 44, wherein 
executing the first set of user processes within the first non-global zone causes a first 
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application environment to be established within the first non-global zone, and wherein the 
machine-readable storage medium further stores one or more sets of instructions for causing 
the one or more processors to perform the steps of: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-global zone: 

terminating all user processes executing within the first non-global zone, 

thereby terminating the first application environment; and 
performing one or more tasks from the group consisting of stopping a 

scheduler process, unmounting one or more file systems, closing one 
or more network interfaces, and removing configurations for devices 
associated with the first non-global zone; 
wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 

48. (Previously Presented) The machine-readable storage medium of claim 40, wherein 
the machine-readable storage medium further stores one or more sets of instructions for 
causing the one or more processors to perform the steps of: 

allowing a first administrator to manage processes and resources within the first non- 
global zone, wherein the first administrator is not allowed to manage processes and resources 
within the second non-global zone; and 

allowing a second administrator to manage processes and resources within the second 
non-global zone, wherein the second administrator is not allowed to manage processes and 
resources within the first non-global zone. 
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49. (Currently Amended) The machine-readable storage medium of claim 40, wherein 
establishing the first non-global zone comprises: 

accessing configuration information associated with the first non global zone; 

installing files and directories necessary for the first non global zone to function; and 

readying the first non global zone by performing one or more tasks from the group 
consisting of assigning the first zone identifier, starting a scheduler process, establishing 
plumbing one or more network interfaces, and mounting one or more file systems T 
initializing a system console, and configuring one or more devices ; 

wherein readying establishing the first non-global zone does not include executing 
user processes within the first non-global zone. 

50. (Previously Presented) The machine-readable storage medium of claim 49, wherein 
the configuration information comprises one or more parameters from the group consisting of 
a zone name, a path to a root directory for the first non-global zone, specification of one or 
more file systems to be mounted when the first non-global zone is created, specification of 
one or more network interfaces, specification of one or more devices to be configured when 
the first non-global zone is created, and specification of resource controls to be imposed on 
the first non-global zone. 

51. (Previously Presented) The machine-readable storage medium of claim 40, wherein 
executing the first set of user processes within the first non-global zone comprises: 

executing an initializer process; and 
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initializing, by the initializer process, execution of the first set of user processes. 

52. (Previously Presented) An apparatus comprising: 

means for establishing, within a global operating system environment provided by an 
operating system (OS) kernel, a first non-global zone which serves as a first virtual platform 
for supporting and isolating user processes, wherein the first non-global zone is a separate 
and distinct OS partition of the global operating system environment having a first zone 
identifier associated therewith, and wherein the first non-global zone is established and exists 
without requiring any user processes to be running therein; 

means for establishing, within said global operating system environment, a second 
non-global zone which serves as a second virtual platform for supporting and isolating user 
processes, wherein the second non-global zone is a separate and distinct OS partition of the 
global operating system environment having a second zone identifier associated therewith, 
and wherein the second non-global zone is established and exists without requiring any user 
processes to be running therein; 

means for executing a first set of one or more user processes within the first non- 
global zone; 

means for executing a second set of one or more user processes within the second 
non-global zone; and 

means for isolating the first set of one or more user processes within the first non- 
global zone and the second set of one or more user processes within the second non-global 
zone such that the first set of one or more user processes cannot access processes in the 
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second non-global zone and the second set of one or more user processes cannot access 
processes in the first non-global zone; 

wherein the first and second non-global zones are established by the OS kernel, and 
wherein the OS kernel enforces zone boundaries to isolate the first set of one or more user 
processes within the first non-global zone and the second set of one or more user processes 
within the second non-global zone. 

53-54. Canceled 

55. (Previously Presented) The apparatus of claim 52, 

wherein a first set of resources are associated with the first non-global zone and a 
second set of resources are associated with the second non-global zone; 

wherein the first set of resources are accessed by the first set of one or more user 
processes through the first virtual platform and the second set of resources are accessed by 
the second set of one or more user processes through the second virtual platform; and 

wherein the first set of resources and the second set of resources each include one or 
more resources from the group consisting of a network interface, a communications interface, 
a file system, a system console, a DASD address, and an operating system service process. 

56. (Previously Presented) The apparatus of claim 55, wherein the means for isolating 
the first set of user processes within the first non- global zone and the second set of user 
processes within the second non-global zone further comprises: 
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means for preventing the first set of user processes from accessing the second set of 
resources associated with the second non-global zone; and 

means for preventing the second set of user processes from accessing the first set of 
resources associated with the first non-global zone. 

57. (Previously Presented) The apparatus of claim 55, wherein executing the first set of 
user processes within the first non-global zone causes a first application environment to be 
established within the first non-global zone, and wherein the apparatus further comprises: 

means for receiving a command to halt the first non-global zone; 
in response to the command to halt the first non-global zone: 

means for terminating all user processes executing within the first non-global 

zone, thereby terminating the first application environment; and 
means for disassociating the first set of resources from the first non-global 
zone; 

wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 

58. (Previously Presented) The apparatus of claim 55, wherein executing the first set of 
user processes within the first non-global zone causes a first application environment to be 
established within the first non-global zone, and wherein the apparatus further comprises: 

means for receiving a command to halt the first non-global zone; 
in response to the command to halt the first non-global zone: 
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means for terminating all user processes executing within the first non-global 

zone, thereby terminating the first application environment; and 
means for performing one or more tasks from the group consisting of stopping 
a scheduler process, unmounting one or more file systems, closing one 
or more network interfaces, and removing configurations for devices 
associated with the first non-global zone; 
wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 

59. (Currently Amended) The apparatus of claim 52, wherein the means for establishing 
the first non-global zone comprises: 

means for accessing configuration information associated with the first non global 

means for installing files and directories necessary for the first non global zone to 



means for readying the first non global zone by performing one or more tasks from 
the group consisting of assigning the first zone identifier, starting a scheduler process, 
establishing plumbing one or more network interfaces, and mounting one or more file 
systems , initializing a system console, and configuring one or more devices ; 

wherein readying establishing the first non-global zone does not include executing 
user processes within the first non-global zone. 
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60. (Previously Presented) The apparatus of claim 59, wherein the configuration 
information comprises one or more parameters from the group consisting of a zone name, a 
path to a root directory for the first non-global zone, specification of one or more file systems 
to be mounted when the first non-global zone is created, specification of one or more 
network interfaces, specification of one or more devices to be configured when the first non- 
global zone is created, and specification of resource controls to be imposed on the first non- 
global zone. 
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